package fuzion24.device.vulnerability.vulnerabilities.framework.zip;


import android.content.Context;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipException;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

import fuzion24.device.vulnerability.util.CPUArch;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;

public class ZipBug8219321 implements VulnerabilityTest {

    @Override
    public List<CPUArch> getSupportedArchitectures() {
        ArrayList<CPUArch> archs = new ArrayList<>();
        archs.add(CPUArch.ALL);
        return archs;
    }

    public String getCVEorID(){
        return "CVE-2013-4787";
    }

    private static void replaceBytes(byte[] original, byte[] replacement, byte[] buffer) throws Exception {
        // Gotcha here: original and replacement must be the same length
        if(original.length != replacement.length)
           throw new Exception("Original Length is not equal to replacement length");

        boolean found;
        for(int i=0; i < buffer.length - original.length; i++) {
            found = false;
            if (buffer[i] == original[0]) {
                found = true;
                for (int j=0; j < original.length; j++) {
                    if (buffer[i+j] != original[j]) {
                        found = false;
                        break;
                    }
                }
            }
            if (found) {
                for (int j=0; j < original.length; j++) {
                    buffer[i+j] = replacement[j];
                }
            }
        }
    }

    /**
     * Make sure we don't fail silently for duplicate entries.
     * b/8219321
     */
    public boolean isVulnerable(Context context) throws Exception {
        String entryName = "test_file_name1";
        String tmpName = "test_file_name2";

        // create the template data
        ByteArrayOutputStream bytesOut = new ByteArrayOutputStream();
        ZipOutputStream out = new ZipOutputStream(bytesOut);
        ZipEntry ze1 = new ZipEntry(tmpName);
        out.putNextEntry(ze1);
        out.closeEntry();
        ZipEntry ze2 = new ZipEntry(entryName);
        out.putNextEntry(ze2);
        out.closeEntry();
        out.close();

        // replace the bytes we don't like
        byte[] buf = bytesOut.toByteArray();
        replaceBytes(tmpName.getBytes(), entryName.getBytes(), buf);

        // write the result to a file
        File outputDir = context.getCacheDir();
        File badZip = File.createTempFile("prefix", "extension", outputDir);
        badZip.deleteOnExit();
        FileOutputStream outstream = new FileOutputStream(badZip);
        outstream.write(buf);
        outstream.close();

        // see if we can still handle it
        try (ZipFile bad = new ZipFile(badZip)) {
            return true;
        } catch (ZipException expected) {
            if(expected.getMessage().contains("Duplicate entry name"))
                return false;
            else
                throw expected;
        }
    }
}
